RE: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF-LOdigitalsignatures)

Actually, I don't see how the question of "accredited" VSPs is pertinent to this issue to begin with (and I mean apart from the fact that this is exactly the sort of constraint I've been told is anathema to the IETF and that a US policy is being quoted as a generic basis for decision-making - must be a goose and gander thing). Accredited VSPs have some linkage to the subscriber identity - they can apply whatever audit trail they can to who it is that is making the calls. They can do nothing about the trustability of the location information. Oh - unless you'd like to go down the 3GPP[2]/IMS route and say that VoIP calls can only be made from your home network or from a roaming partner network (forget being able to use arbitrary hot spots, municipal WiFi, or hotel broadband connections - that would rule out, say, Skype and Vonage) - so VoIP is just traditional cellular with an IP bearer for the voice? Cheers, Martin -----Original Message----- From: Brian Rosen [mailto:br@brianrosen.net] Sent: Thursday, 8 March 2007 3:36 AM To: 'Andrew Newton' Cc: g.caron@bell.ca; geopriv@ietf.org; Dawson, Martin; mlinsner@cisco.com Subject: RE: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF-LOdigitalsignatures) Unless you can show that this is significantly different from the current situation where you DO get suspicious data, and we DO handle it satisfactorily, then I believe that we know the cure won't be worse than the disease. The benefit is known, and we have experience that the downside is not harmful. Your suggestion that only "accredited" VSPs can send calls to PSAPs is unworkable, although, again, there can be some suspicion associated with calls originating from an entity not known to the PSAP. However, that has nothing to do with the problem at hand, since the VSP doesn't supply location, the access network does. Brian > -----Original Message----- > From: Andrew Newton [mailto:andy@hxr.us] > Sent: Wednesday, March 07, 2007 11:24 AM > To: Brian Rosen > Cc: g.caron@bell.ca; geopriv@ietf.org; Martin.Dawson@andrew.com; > mlinsner@cisco.com > Subject: Re: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF- > LOdigitalsignatures) > > Brian, > > The problem is that the cure may end up worse than the disease. The > benefit is unknown or negligible, and the down sides can be downright > harmful. Place that against the added technical complexity and the > fact that the solution is patent encumbered with an unknown right to > use, and it is easy to see that the costs exceed the benefits. > > As for another way, NENA has already provided that answer: only > accredited VSPs can talk to PSAPs. That puts the problem on par with > the current solution of the PSTN. > > -andy > > On Mar 7, 2007, at 10:50 AM, Brian Rosen wrote: > > > Andy > > > > In all of this discussion, you seem unconvinced that the 9-1-1 call > > taker > > can deal with information that is marked suspicious, but may be > > correct. > > This happens already, they do handle it okay, and they are > > comfortable with > > information that may or not be correct. A typical example is that > > the ALI > > screen says one thing, the caller insists on another. This is > > suspicious, > > but permitted. The response will always go to where the caller > > said to go. > > There will be some follow up to determine how the discrepancy > > happened if it > > turns out the caller was right. > > > > Again, they do this now. It works. They want it. > > > > We're chasing our tail on this, and we need to figure a way out. I > > get that > > there are people who don't believe we get a sufficiently good > > defense to an > > acknowledged threat out of signing location. There are a group of > > us who > > think we do. Those of us who think so readily agree that unsigned > > location > > can be valid. However, we think the mechanism will effectively > > deter a very > > large class of not-highly-skilled and not-well-financed attackers. > > > > The largest problem continues to be that we are very significantly > > weakening > > the security of location as we move to the geopriv way of doing > > things. > > What used to be locked inside a wireline/wireless carrier's domain, > > with no > > access by end users is turning into an end user controlled > > environment. > > We're opening a huge security hole. We need some effective > > strategies to > > minimize this hole. We can't close it as securely as it was. We > > think > > signatures are one way to significantly help. You don't agree, I > > get it, > > but it sure would help if you had a better way. You are saying > > "no, no no" > > and not "not that way, use this way". > > > > Brian > > > >> -----Original Message----- > >> From: Andrew Newton [mailto:andy@hxr.us] > >> Sent: Wednesday, March 07, 2007 10:20 AM > >> To: g.caron@bell.ca > >> Cc: geopriv@ietf.org; Martin.Dawson@andrew.com; mlinsner@cisco.com > >> Subject: Re: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF- > >> LOdigitalsignatures) > >> > >> > >> On Feb 27, 2007, at 10:10 PM, g.caron@bell.ca wrote: > >>> - If the location provided verbally matches with the automated un- > >>> signed/fail-signed location, be suspicious before dispatching. Post- > >>> call investigation is required. > >>> > >>> - If the location provided verbally don't match with the automated > >>> signed location, process the call and report the error afterward to > >>> the location source (presumably the LIS operator). > >> > >> Guy, > >> > >> Here's the problem with that logic. Administrative screw-ups can > >> cause both of those problems, yet one type of screw up is considered > >> suspicious while the other type is not. From a security perspective, > >> this opens up a social engineering attack... the caller needs no > >> technical skill to defeat the signed location. All they need to do > >> is just verbally disagree with it. > >> > >> -andy > >> _______________________________________________ > >> Geopriv mailing list > >> Geopriv@ietf.org > >> https://www1.ietf.org/mailman/listinfo/geopriv > > > > > > _______________________________________________ > > Geopriv mailing list > > Geopriv@ietf.org > > https://www1.ietf.org/mailman/listinfo/geopriv ------------------------------------------------------------------------------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------------------------------ [mf2]

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv
Received on Wed, 7 Mar 2007 15:35:15 -0600